Researchers Link Cheerscrypt Linux-Based Ransomware to Chinese Hackers

The recently discovered Linux-Based ransomware strain known as Cheerscrypt has been outed as a handiwork of a Chinese cyber espionage group known for operating short-lived ransomware schemes. Cybersecurity firm Sygnia attributed the attacks to a threat actor it tracks under the name Emperor...

Monti ransomware infiltrates networks via the well-known Log4Shell

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary The Monti ransomware infiltrated the clients internet-facing VMware Horizon virtualization system by exploiting the well-known "Log4Shell" vulnerability, a.k.a. CVE-2021-44228. Furthermore, the threat...

Opencast < 9.10, 10.x < 10.6 Log4j RCE Vulnerability (GHSA-mf4f-j588-5xm8, Log4Shell)

Opencast is prone to a remote code execution RCE vulnerability in the Apache Log4j library dubbed SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-on...

North Korean Lazarus Hackers Targeting Energy Providers Around the World

A malicious campaign mounted by the North Korea-linked Lazarus Group targeted energy providers around the world, including those based in the United States, Canada, and Japan, between February and July 2022. "The campaign is meant to infiltrate organizations around the world for establishing...

Apache Archiva < 2.2.6 Multiple Log4j Vulnerabilities (Log4Shell) - Active Check

Apache Archiva is prone to multiple vulnerabilities in the Apache Log4j library. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Google Launches New Open Source Bug Bounty to Tackle Supply Chain Attacks

Google on Monday introduced a new bug bounty program for its open source projects, offering payouts anywhere from $100 to $31,337 a reference to eleet or leet to secure the ecosystem from supply chain attacks. Called the Open Source Software Vulnerability Rewards Program OSS VRP, the offering is...

MobileIron Core Unauthenticated JNDI Injection RCE (via Log4Shell)

MobileIron Core is affected by the Log4Shell vulnerability whereby a JNDI string sent to the server will cause it to connect to the attacker and deserialize a malicious Java object. This results in OS command execution in the context of the tomcat user. This module will start an LDAP server that...

Iranian Hackers Exploiting Unpatched Log4j 2 Bugs to Target Israeli Organizations

Iranian state-sponsored actors are leaving no stone unturned to exploit unpatched systems running Log4j to target Israeli entities, indicating the vulnerability's long tail for remediation. Microsoft attributed the latest set of activities to the umbrella threat group tracked as MuddyWater aka...

Ox4Shell - Deobfuscate Log4Shell Payloads With Ease

Deobfuscate Log4Shell payloads with ease. Description Since the release of the Log4Shell vulnerability CVE-2021-44228, many tools were created to obfuscate Log4Shell payloads, making the lives of security engineers a nightmare. This tool intends to unravel the true contents of obfuscated Log4Shel...

Pushing Open-Source Security Forward: Insights From Black Hat 2022

Open-source security has been a hot topic in recent years, and it's proven to be something of a double-edged sword. On the one hand, there's an understanding of the potential that open-source tools hold for democratizing security, making industry best practices accessible to more organizations an...

Security Bulletin: Vulnerability in Apache Log4j affects IBM InfoSphere Master Data Management (CVE-2021-44228 )

Summary There is a vulnerability in the Apache Log4j open source library used by IBM InfoSphere Master Data Management v11.6 and v12.0. Vulnerability Details CVEID:CVE-2021-44228 DESCRIPTION: Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the failure...

Metasploit Weekly Wrap-Up

Log4Shell in MobileIron Core Thanks to jbaines-r7 we have yet another Log4Shell exploit. Similar to the other Log4Shell exploit modules, the exploit works by sending a JNDI string that once received by the server will be deserialized, resulting in unauthenticated remote code execution as the tomc...

MobileIron Log4Shell Remote Command Execution Exploit

MobileIron Core is affected by the Log4Shell vulnerability whereby a JNDI string sent to the server will cause it to connect to the attacker and deserialize a malicious Java object. This results in OS command execution in the context of the tomcat user. This Metasploit module will start an LDAP...

MobileIron Log4Shell Remote Command Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'MobileIron Core Unauthenticated JNDI Injection RCE via Log4Shell', 'Description' = %q MobileIron Core is affected by the Log4Shell vulnerability...

LockBit Ransomware Abuses Windows Defender to Deploy Cobalt Strike Payload

A threat actor associated with the LockBit 3.0 ransomware-as-a-service RaaS operation has been observed abusing the Windows Defender command-line tool to decrypt and load Cobalt Strike payloads. According to a report published by SentinelOne last week, the incident occurred after obtaining initia...

Malicious Npm Packages Tapped Again to Target Discord Users

Threat actors once again are using the node package manager npm repository to hide malware that can steal Discord tokens to monitor user sessions and steal data on the popular chat and collaboration platform, researchers have found. A campaign discovered this week by Kaspersky researchers is hidi...

Security Bulletin: A Remote Attack Vulnerability in Apache Log4j affects IBM Engineering Lifecycle Optimization - Publishing

Summary There is a Vulnerability in Apache Log4j CVE-2021-44228 which is used by "IBM Engineering Lifecycle Optimization - Publishing PUB" and "Rational Publishing Engine RPE." Vulnerability Details CVEID:CVE-2021-44228 DESCRIPTION: Apache Log4j could allow a remote attacker to execute arbitrary...

CISA Releases Log4Shell-Related MAR

From May through June 2022, CISA responded to an organization that was compromised by an exploitation of an unpatched and unmitigated Log4Shell vulnerability in a VMware Horizon server. CISA analyzed five malware samples obtained from the organization’s network and released a Malware Analysis...

Apache Apereo CAS Log4Shell Direct Check (CVE-2021-44228)

Binary data apacheapereocaslog4shell.nbin...

Malicious Cyber Actors Continue to Exploit Log4Shell in VMware Horizon Systems

Summary Actions to take today: • Install fixed builds, updating all affected VMware Horizon and UAG systems to the latest versions. If updates or workarounds were not promptly applied following VMware’s release of updates for Log4Shell in December 2021,treat all affected VMware systems as...